This December Android Users Get Several Security Updates
- Google has rolled out an update that addresses three major flaws in the widely used Android operating system.
- Other fixes included in this update are associated with 15 CVEs.
Critical flaw causing permanent DoS patched
A DoS flaw tracked as CVE-2019-2232 is said to be the most severe flaw this particular update tends to. The fix has been rolled out for Android devices running on operating systems versions 8.0, 8.1,9 and 10.
“The most severe of these issues is a critical security vulnerability in the Framework component that could enable a remote attacker using a specially crafted message to cause a permanent denial of service,” reads the Google bulletin.
The other flaws
The other two critical vulnerabilities are tracked as CVE-2019-2222 and CVE-2019-2223 and exist in the Media framework of Android.
- These two bugs are said to allow a remote attacker to execute code within the context of a privileged process.
- The fix has been issued for Android devices running on operating systems versions 8.0, 8.1,9 and 10.
- Apart from these several high severity flaws were also fixed in the latest update that was rolled out.
Qualcomm and manufacturer updates
Google’s updates were accompanied by those of Qualcomm, whose chips are used in Android devices. The security updates from Qualcomm were for 22 CVEs including three critical buffer overflow bugs. The fixed bugs have not reported to be exploited in the wild.
Android phone manufacturers including Samsung, Pixel, and LG have also released few patches.
With so many security updates released and a lot more vulnerabilities being reported, users must update their devices and operating systems with the latest updates as soon as possible.